MOZILLA says Mythos identified 271 Firefox vulnerabilities over two months, with engineers reporting “almost no false positives” thanks to a harness that guides the AI through testing and verification. Of the 271 bugs, 180 were sec-high, 80 were sec-moderate, and 11 were sec-low, with the team noting that some reports were later publicly released as Bugzilla entries after internal rollups.
The behind‑the‑scenes view also disclosed the unhiding of full Bugzilla reports for 12 of the vulnerabilities discovered using Mythos, and described how a second LLM grades the initial outputs to provide confidence for developers. The approach hinges on an agent harness that provides tools and a testing loop, plus existing fuzzing systems and a sanitizer build of Firefox to generate test cases; when a crash is produced, it confirms a potential issue.
According to Mozilla Distinguished Engineer Brian Grinstead, “there are almost no false positives,” a point Mozilla has faced with scepticism as it promotes AI-assisted vulnerability discovery.